One week ago, details about widespread vulnerabilities in modern processors became public. One variant, named 'Meltdown,' affected every modern Intel chip. Two other variants, collectively known as 'Spectre,' are known to affect chips from Intel, AMD, and ARM (at the very least). Most Google products are already protected against these threats, but now the company has made it easier to tell which Chromebooks are patched.

Holy Chromebooks, Batman!

Google has published a table on the Chromium Wiki, listing every Chromebook and the Meltdown patch progress for each. The vast majority of models are already safe, or weren't affected by Meltdown in the first place. As you might expect, Chromebooks that have already stopped receiving updates (like the CR-48 and Samsung Series 5) are not being patched.

The process of protecting against Spectre is far more complicated, but Chrome's optional Site Isolation feature will plug the hole in most use cases. This can be turned on by switching the #enable-site-per-process flag (copy and paste that link into Chrome's address bar) to 'Enabled.'

You can see the full list of Chromebooks at the source link below. If your model has "Yes" or "Not Needed" in the "mitigations (KPTI) on M63" column, you're safe.

Older kernels will be patched with KPTI in a future release. Known attacks do not affect existing ARM Chrome OS devices, but these devices will also be patched with KPTI in a future release."

It sounds like Google itself is doing it, even if Linux kernel devs aren't.

danwat1234

Will Google give users an estimation of how much of a slowdown users should expect in certain workloads after the Patch?

Andrew

The Cr-48, and probably some of the other earliest Chromebooks, aren't actually susceptible to Meltdown because Intel Atom CPU's made before some time around 2013 don't have speculative execution. They're still susceptible to other bug that aren't being patched, of course.